001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 * 019 */ 020package org.apache.directory.server.kerberos.shared.crypto.encryption; 021 022 023import java.security.NoSuchAlgorithmException; 024import java.util.Collections; 025import java.util.EnumMap; 026import java.util.HashMap; 027import java.util.Map; 028import java.util.Set; 029 030import javax.crypto.KeyGenerator; 031import javax.crypto.SecretKey; 032 033import org.apache.directory.server.i18n.I18n; 034import org.apache.directory.shared.kerberos.codec.types.EncryptionType; 035import org.apache.directory.shared.kerberos.components.EncryptionKey; 036import org.apache.directory.shared.kerberos.exceptions.ErrorType; 037import org.apache.directory.shared.kerberos.exceptions.KerberosException; 038 039 040/** 041 * A factory class for producing random keys, suitable for use as session keys. For a 042 * list of desired cipher types, Kerberos random-to-key functions are used to derive 043 * keys for DES-, DES3-, AES-, and RC4-based encryption types. 044 * 045 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> 046 */ 047public class RandomKeyFactory 048{ 049 /** A map of default encryption types mapped to cipher names. */ 050 private static final Map<EncryptionType, String> DEFAULT_CIPHERS; 051 052 static 053 { 054 EnumMap<EncryptionType, String> map = new EnumMap<>( EncryptionType.class ); 055 056 map.put( EncryptionType.DES_CBC_MD5, "DES" ); 057 map.put( EncryptionType.DES3_CBC_SHA1_KD, "DESede" ); 058 map.put( EncryptionType.RC4_HMAC, "RC4" ); 059 map.put( EncryptionType.AES128_CTS_HMAC_SHA1_96, "AES" ); 060 map.put( EncryptionType.AES256_CTS_HMAC_SHA1_96, "AES" ); 061 062 DEFAULT_CIPHERS = Collections.unmodifiableMap( map ); 063 } 064 065 066 /** 067 * Get a map of random keys. The default set of encryption types is used. 068 * 069 * @return The map of random keys. 070 * @throws KerberosException 071 */ 072 public static Map<EncryptionType, EncryptionKey> getRandomKeys() throws KerberosException 073 { 074 return getRandomKeys( DEFAULT_CIPHERS.keySet() ); 075 } 076 077 078 /** 079 * Get a map of random keys for a list of cipher types to derive keys for. 080 * 081 * @param ciphers The list of ciphers to derive keys for. 082 * @return The list of KerberosKey's. 083 * @throws KerberosException 084 */ 085 public static Map<EncryptionType, EncryptionKey> getRandomKeys( Set<EncryptionType> ciphers ) 086 throws KerberosException 087 { 088 Map<EncryptionType, EncryptionKey> map = new HashMap<>(); 089 090 for ( EncryptionType encryptionType : ciphers ) 091 { 092 map.put( encryptionType, getRandomKey( encryptionType ) ); 093 } 094 095 return map; 096 } 097 098 099 /** 100 * Get a new random key for a given {@link EncryptionType}. 101 * 102 * @param encryptionType 103 * 104 * @return The new random key. 105 * @throws KerberosException 106 */ 107 public static EncryptionKey getRandomKey( EncryptionType encryptionType ) throws KerberosException 108 { 109 String algorithm = DEFAULT_CIPHERS.get( encryptionType ); 110 111 if ( algorithm == null ) 112 { 113 throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP, I18n.err( I18n.ERR_616, 114 encryptionType.getName() ) ); 115 } 116 117 try 118 { 119 KeyGenerator keyGenerator = KeyGenerator.getInstance( algorithm ); 120 121 if ( encryptionType.equals( EncryptionType.AES128_CTS_HMAC_SHA1_96 ) ) 122 { 123 keyGenerator.init( 128 ); 124 } 125 126 if ( encryptionType.equals( EncryptionType.AES256_CTS_HMAC_SHA1_96 ) ) 127 { 128 keyGenerator.init( 256 ); 129 } 130 131 SecretKey key = keyGenerator.generateKey(); 132 133 byte[] keyBytes = key.getEncoded(); 134 135 return new EncryptionKey( encryptionType, keyBytes ); 136 } 137 catch ( NoSuchAlgorithmException nsae ) 138 { 139 throw new KerberosException( ErrorType.KDC_ERR_ETYPE_NOSUPP, nsae ); 140 } 141 } 142}